Steve (et al.),
On 3/12/2014 2:47 PM, Stephen Kent wrote:
...
Is there a reason not to just call unauthenticated key exchange what
it is - unauthenticated key exchange?
I think we want more than that, as I described above, hence the desire
to coin a new term.
No disagreement; there seems to be a need then for two terms:
1. unauthenticated key exchange/use
2. security that uses authentication when available,
but allows unauthenticated methods as a backup
Personally, I'd call the first "zero-ID" (yes, FWIW, the similarity to
'zero-touch' was intentional), and the second "zero-ID fallback".
I'm not wed to either term, but "opportunistic" doesn't seem useful
because OE seems to me a lot more like "use this key and hope it works",
which isn't part of either case above.
Joe
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
